upstream server are always redirected as https

Jonathan Matthews contact at
Fri Jun 29 13:59:44 UTC 2012

On 29 June 2012 08:10, henn1nk <nginx-forum at> wrote:
> I am always redirect to https://mydomain .... How can i STOP this?

Nothing in the nginx config you posted is doing this. It's almost
certainly your application that's choosing to issue the redirect.
If I had to guess, I'd suggest that your app is redirecting you, a
non-logged-in user, to a login page, which it insists on serving over
HTTPS so your login creds can't get sniffed.

You can verify that it's the app that's doing this by either

* watching your app's (*not* nginx's) per-request logs and seeing a
301/302 get issued or
* doing a "curl -v" against the URI you're hitting in your browser,
and looking out for response headers that let you know it's definitely
app responding, not nginx (for example "X-Powered-By:", etc) or
* doing a "curl -v" against the app *directly*, without involving
nginx, and seeing the 301/302 get issued.

Something like that, anyway; I hope you get the idea.

To stop this being a problem, you either need to

* set up an SSL nginx server which informs the app that it's a secure
connection or
* lie to the app, and tell it that the HTTP connection is actually secure
* tell the app not to insist on an SSL login.

I'd suggest you do the first of these. The "X-Forwarded-Proto" header
may be your friend. Have a google.

Jonathan Matthews
Oxford, London, UK

More information about the nginx mailing list